Potential Use of Stale NFT Prices in `getNFTPrice` Function
Summary
The getNFTPrice function in the LendingPool contract retrieves the latest NFT price from the priceOracle. However, it does not check whether the returned price is stale. If the oracle fails to update the price for a prolonged period, the contract may rely on outdated data, leading to incorrect valuations and financial discrepancies. To ensure price freshness, the contract should implement a heartbeat mechanism, rejecting stale prices based on a predefined expiration time.
Vulnerability Details
Issue:
-
The function retrieves the latest NFT price along with the last update timestamp:
(uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId); -
However, it does not verify whether the
lastUpdateTimestampis recent. -
If the oracle has not updated the price for an extended period, the function may return an outdated price, which could lead to incorrect loan valuations, liquidations, or lending decisions.
Root Cause:
The contract assumes that the oracle always provides fresh prices, but in reality, an oracle may experience delays, failures, or attacks that prevent timely updates.
Without a heartbeat check, the contract has no way of distinguishing between fresh and stale prices.
Expected Behavior:
The contract should check the last update timestamp against the current block timestamp and ensure that the price is recent.
If the price is outdated beyond a predefined threshold (e.g.,
HEARTBEAT_INTERVAL), the function should reject the price to prevent reliance on stale data.
Impact
-
Incorrect Loan Valuations:
If the contract relies on an outdated price, it may allow borrowers to take loans based on an inflated NFT price, exposing the protocol to bad debt.
Conversely, if the price is stale and lower than the actual value, borrowers may receive less loan value than they should, leading to inefficiencies.
-
Faulty Liquidations:
Liquidators may execute liquidations based on outdated prices, causing unfair liquidations or missed liquidation opportunities when the price is not accurately reflected.
Tools Used
Manual Code Review
Recommendations
1. Implement a Heartbeat Check
Before returning the NFT price, check if the last update timestamp is within a predefined HEARTBEAT_INTERVAL (e.g., 1 hour). If the price is outdated, revert the transaction.
Fixed Code:
Explanation:
The function now checks the time difference between the last price update and the current block timestamp.
If the difference exceeds
HEARTBEAT_INTERVAL, it reverts, ensuring that only fresh prices are used.
2. Make HEARTBEAT_INTERVAL Configurable
Instead of hardcoding the HEARTBEAT_INTERVAL, allow governance or the admin to update it dynamically.
Benefit:
Allows flexibility to adjust the interval based on network conditions, oracle reliability, and security concerns.
Lead Judging Commences
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.